Keep this page open while drilling questions. AIF‑C01 rewards clean definitions, best-fit service selection, and risk-aware design (hallucinations, privacy, prompt injection, responsible use).
Quick facts (AIF-C01)
| Item | Value |
|---|
| Questions | 65 (multiple-choice + multiple-response) |
| Time | 90 minutes |
| Passing score | 700 (scaled 100–1000) |
| Cost | 100 USD |
| Domains | D1 20% • D2 24% • D3 28% • D4 14% • D5 14% |
How AIF-C01 questions work (fast strategy)
- If the prompt says least operational effort, prefer managed services (and native integrations).
- If the question is about “improving factual accuracy,” the best answer is often grounding (RAG + citations) rather than “make the model bigger.”
- If the question is about “sensitive data,” the best answer usually includes least privilege, encryption, and minimizing what you send to the model.
- If the scenario includes “untrusted user input,” think prompt injection defenses and safe tool use (allowlists, scoped permissions).
- Read the last sentence first to capture the constraint (cost, latency, safety, compliance).
0) Core mental model: a GenAI app (with RAG)
flowchart LR
U[User] --> A[App / API]
A -->|Prompt + context| FM[Foundation Model]
A -->|Embed query| E[Embeddings]
E --> VS[(Vector Store)]
VS -->|Top-k chunks| A
A -->|Policy filters| G[Guardrails / Moderation]
A -->|Logs/metrics| O[Observability]
A -->|AuthN/AuthZ| IAM[IAM / Identity]
RAG in one sentence: retrieve relevant private content, then ask the model to answer using only that content (ideally with citations).
1) AI/ML fundamentals (Domain 1)
Core terminology (must know)
| Term | Exam-friendly meaning |
|---|
| AI | Broad goal: machines doing tasks that appear intelligent (perception, language, planning). |
| ML | Subset of AI: models learn patterns from data to make predictions/decisions. |
| Deep learning | ML with neural networks (often needs more data/compute; strong for vision/language). |
| Supervised learning | Learn from labeled examples (classification/regression). |
| Unsupervised learning | Find structure without labels (clustering, dimensionality reduction). |
| Reinforcement learning | Learn actions via rewards/penalties (policies). |
| Feature / label | Input signal vs correct output. |
| Training vs inference | Fit the model vs use the model to predict/generate. |
| Overfitting | Great on training data, poor on new data (memorization). |
| Data leakage | Training sees information it shouldn’t (inflates metrics). |
| Drift | Data or reality changes → performance decays over time. |
Metrics (common, conceptual)
| Use case | Useful metrics | What to watch for |
|---|
| Classification | Precision/recall/F1, ROC-AUC | Class imbalance; false positives vs false negatives |
| Regression | MAE/MSE/RMSE | Outliers; error tolerance |
| Ranking/retrieval | Precision@k / Recall@k | “Did we retrieve the right things?” |
ML lifecycle (high level)
flowchart LR
P[Define problem + metric] --> D[Collect/prepare data]
D --> T[Train + tune]
T --> E[Evaluate]
E --> DEP[Deploy]
DEP --> M[Monitor + feedback]
M --> D
Common best answer patterns:
- If you can’t define a metric or get data, ML is usually the wrong first move.
- Production ML needs monitoring (quality/latency/cost) and retraining plans.
2) Generative AI fundamentals (Domain 2)
Key GenAI terms (must know)
| Term | Exam-friendly meaning |
|---|
| LLM | Language model that generates text from prompts. |
| Tokens | Model “chunks” of text; drives cost/limits. |
| Context window | Max tokens model can consider in one request. |
| Embeddings | Numeric vectors that capture semantic meaning for similarity search. |
| Vector store | Database/index optimized for similarity search over embeddings. |
| RAG | Retrieve relevant data and include it in the prompt to ground answers. |
| Temperature / top-p | Controls randomness vs determinism. |
| Hallucination | Output that sounds plausible but isn’t supported by facts. |
| Prompt injection | Untrusted text attempts to override instructions (“ignore previous”). |
Prompting vs RAG vs fine-tuning (decision table)
| Need | Best starting point | Why |
|---|
| Better instructions/format | Prompt engineering | Fast, cheap, reversible |
| Fresh/private knowledge | RAG | Grounds answers in your content without retraining |
| Consistent style/behavior | Fine-tuning | Teach patterns; reduces prompt complexity |
| A completely new capability | Usually not AIF-C01 scope | Consider specialist ML work |
GenAI limitations to recognize
- Factuality isn’t guaranteed → use grounding/citations and “unknown” responses.
- Context is limited → don’t paste entire corpora; retrieve and summarize.
- Outputs can be unsafe/biased → add guardrails, evaluation, and human review paths.
- Costs scale with tokens → control prompt size, choose smaller models when acceptable, cache repeated work.
3) AWS service map (what to pick when)
| You need… | Typical AWS answer |
|---|
| Managed foundation model access for GenAI apps | Amazon Bedrock |
| Build/train/tune/deploy custom ML models | Amazon SageMaker |
| A GenAI assistant for work/dev tasks | Amazon Q |
Pre-built AI services (use-case driven)
| Use case | Typical AWS service |
|---|
| Extract text/forms from documents | Amazon Textract |
| NLP (entities, sentiment, classification) | Amazon Comprehend |
| Image/video analysis | Amazon Rekognition |
| Speech-to-text | Amazon Transcribe |
| Translation | Amazon Translate |
| Text-to-speech | Amazon Polly |
| Chatbot interfaces | Amazon Lex |
| Enterprise search | Amazon Kendra |
Common building blocks for GenAI apps (glue)
| Need | Typical AWS building blocks |
|---|
| Store docs and artifacts | Amazon S3 |
| Orchestrate workflows | AWS Step Functions |
| Serverless compute | AWS Lambda |
| Containerized APIs | Amazon ECS/Fargate or Amazon EKS |
| Vector search | Amazon OpenSearch Service, Aurora PostgreSQL with pgvector |
| Secrets and keys | AWS Secrets Manager, AWS KMS |
| Audit + monitoring | AWS CloudTrail, Amazon CloudWatch |
4) RAG: design notes that show up in exam scenarios (Domain 3)
RAG architecture (end-to-end)
flowchart TB
subgraph Ingestion
S3[(Docs in S3)] --> C[Chunk + clean]
C --> EMB1[Create embeddings]
EMB1 --> VS[(Vector store)]
end
subgraph Answering
Q[User question] --> EMB2[Embed query]
EMB2 --> VS
VS --> K[Top-k chunks]
K --> P[Prompt template: instructions + context]
P --> FM[Foundation model]
FM --> A[Answer + citations]
end
High-yield design choices
- Chunking: smaller chunks improve precision; larger chunks improve context. The exam often wants “tune chunking for relevance.”
- Citations: if the requirement says “trust” or “audit,” add citations/source links.
- Freshness: if content changes often, prefer RAG over fine-tuning.
- Privacy: don’t send more data than needed; redact PII; restrict who can retrieve what (multi-tenant boundaries).
5) Prompt engineering patterns (Domain 3)
Techniques you should recognize
| Technique | What it does | When to use |
|---|
| Clear instructions + constraints | Reduces ambiguity | Most questions |
| Few-shot examples | Improves formatting/edge cases | Structured outputs |
| Delimiters | Separates instructions vs data | Untrusted input scenarios |
| Output schema | Produces predictable JSON | App integrations |
| Grounding instructions | Reduces hallucinations | RAG and knowledge tasks |
| Refusal/escalation | Safer behavior | Policy/safety constraints |
Prompt template (practical)
1Goal: Answer the user question using ONLY the provided context.
2Context:
3<<<
4{retrieved_chunks}
5>>>
6Rules:
7- If the answer is not in the context, say "Insufficient context".
8- Provide 2-3 bullet citations (source titles/ids).
9Output format (JSON):
10{"answer":"...", "citations":[{"source":"...","quote":"..."}]}
11User question: {question}
Anti-prompt-injection rule of thumb
Treat user-provided text as data, not instructions. If the model is allowed to call tools/actions, use allowlists and scoped permissions.
6) Evaluation and monitoring (Domain 3)
What to evaluate
| Dimension | How to test it (high level) |
|---|
| Correctness | Gold questions, expert review, spot checks |
| Groundedness | Require citations; verify claims against sources |
| Safety | Toxicity/harm prompts; policy violations; refusal behavior |
| Bias | Compare outcomes across groups; document disparities |
| Reliability | Regression tests for prompt/model changes |
| Latency/cost | Measure P50/P95 and token usage; set budgets |
Common “best answers”:
- Use a representative test set (not just a few demos).
- Do A/B testing when changing prompts/models.
- Monitor production for quality regressions and abuse.
7) Responsible AI (Domain 4)
Responsible AI checklist (high signal)
- Define intended use + out-of-scope use (avoid “silent expansion”).
- Add human oversight for high-impact decisions.
- Evaluate for bias and document limitations.
- Implement safety policies (harmful content, privacy leakage).
- Be transparent with users (what it is, what it isn’t, how to verify).
Common risks and mitigations
| Risk | Typical mitigation |
|---|
| Hallucinations | RAG + citations; “unknown” responses |
| Unsafe content | Guardrails/moderation + refusal behavior |
| Privacy leakage | Data minimization; redaction; access controls |
| Bias/unfairness | Diverse evaluation sets; monitoring and remediation |
| Over-trust | User messaging + explainability + source links |
8) Security, compliance, and governance (Domain 5)
Security “gotchas” the exam expects you to notice
- Over-permissive IAM roles (“*” actions/resources)
- Secrets embedded in prompts, logs, or code
- Sending unnecessary sensitive data to the model
- No audit trail for access and changes
- Tool use without constraints (model can “do anything”)
AWS controls to name in answers (by theme)
| Theme | Common AWS controls |
|---|
| Identity | IAM roles/policies, least privilege |
| Encryption | AWS KMS, TLS |
| Secrets | AWS Secrets Manager |
| Network | VPC endpoints/PrivateLink, security groups |
| Audit | AWS CloudTrail |
| Monitoring | Amazon CloudWatch, AWS Security Hub, Amazon GuardDuty |
| Governance | AWS Organizations (accounts, SCPs), tagging |
| Compliance evidence | AWS Artifact |
Next steps
- Use the Syllabus as your checklist (objective-by-objective).
- Use Practice to drill weak tasks fast.
- Use the Study Plan if you want a 30/60/90-day schedule.